A report issued by DLA Forward J6 Officer, informing the JTF Commander that when the intermittent modem connection reported in Issuing IA Incident Report Discovery Of Intermittent Modem Connection's ia incident report was active, the suspect PC was connected to the Secret Command LAN and that the PC's network interface card was operating in promiscuous mode. A software-based sniffer was subsequently discovered in the WindowsSystem directory. The sniffer was a Trojan of the normal systray.exe file that should be 37KB in size. The sniffer Trojan file was 367KB in size. Sniffed data was stored in a dummy backup registry file, sys.bak. All sites are urged to immediately check all PCs in their enclaves for such Trojan files, NIC in promiscuous mode, and modems on PC connected to Secret or SBU LANs.